On Mon, Apr 17, 2006 at 03:10:24PM -0500, Scott Alan Chaffin wrote:
When installing sendmail (instead of postfix) in the default location of /usr/sbin/sendmail, the mail daemon doesn't start, only the queue handler. Attempting to start the daemon by hand results in the following error:
huron:/usr/sbin # ./sendmail -bD -q15m 451 4.0.0 opendaemonsocket: daemon MTA: cannot bind: Permission denied 421 4.0.0 opendaemonsocket: daemon MTA: server SMTP socket wedged: exiting huron:/usr/sbin #
When I move the sendmail binary to /usr/lib and make a symbolic link to /usr/sbin, it starts as expected, both on the command line and in the /etc/init.d/sendmail script.
It's only a minor inconvenience to start things this way, but it is an inconvenience. I suspect that this is related to some sort of enhanced security on /usr/sbin. The file system is reiserfs.
Does anyone know how to rectify this condition?
Likely caused by AppArmor. Check "logprof" output, or /var/log/audit/audit.log
Ciao, Marcus
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-unsubscribe@opensuse.org For additional commands, e-mail: opensuse-help@opensuse.org
Marcus, Thanks for the information. You are correct, it is AppArmor that is causing my problem. Looking in /var/log/audit/audit.log, I find: type=APPARMOR msg=audit(1144955349.060:6): REJECTING access to capability 'net_bind_service' (sendmail(3227) profile /usr/sbin/sendmail active /usr/sbin/sendmail) When I disable AppArmor, sendmail runs from /usr/sbin without incident. I think that I'd prefer running with AppArmor rather than without, so I'll look around and learn how to configure AppArmor to allow sendmail to bind to port 25 after I finish with setting up sendmail. Thanks again, Scott